Installation

How to use Splunk Secure Gateway in Splunk Cloud?

anandhalagaras1
Communicator

Hi Team,

 

We got an requirement to use the "Splunk Secure Gateway" app in our ES- Search Head and our Search head is in Splunk Cloud.

Splunk Secure Gateway version is 3.0.9

Splunk Cloud version 8.2.2203.2

We have already provided the Authentication to the Search Head via SAML (Azure) and we have created few groups ess_admin, ess_analyst, ess_user etc and provided authentication to the users and the users are logging into SH via SAML.

 

So when I navigated to the App" Splunk Secure Gateway" in the Search head it says a message as "SAML needs to be set up for Connected Experiences before devices can be registered" i.e. To configure SAML.

Then when i clicked Configure SAML it navigates to the next page and here when I clicked "Connect to a SAML IdP" (Mentioned as Needs Action) so when i clicked the Take Action under Okta or Azure option it has navigated to SAML Groups page.

And after which I am not sure what should i need to do and moreover when I tried to create authentication token i am getting an error as below "Token creation failed because: Cannot use tokens for SAML user xxx because neither attribute query requests (AQR) nor scripted auth are supported."

 

So kindly help me on how to use the app "Splunk Secure Gateway" in our Splunk Cloud Search head. 

 

 

Labels (2)

kelstahl8705
Path Finder

wondering if anyone has more insight on this one. I am having the same issue. we use azure to authenticate and have been for a while but when I go to set this app up (again) i'm just taken to our SAML page which already has a SAML configuration.

0 Karma

jfaldmomacu
Path Finder

I'm in the same boat as you @anandhalagaras1 @kelstahl8705  Were you able to get an answer to this? 

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...